Don’t let the cyber skills shortage threaten your security in 2015

The well-documented shortage of qualified information security professionals is inevitably having an effect on organisations’ information security capabilities. Cyber threats are growing in number and severity every day, and competition for appropriately qualified staff is increasing in turn.

In the face of this increased competition, salaries are inevitably rising to attract candidates – often beyond levels that smaller organisations can afford – causing unusually high levels of staff turnover and bringing instability to the sector.

Analysing the 2015 job market, Robert Half found that 30% of CIOs “plan to increase salaries, with the average salary increase around 4%” in the coming year.

70% of respondents to a 2014 KPMG survey, on the other hand, said they were “wary about their organisation’s ability to assess incoming threats”, and “57% of businesses [found] it more difficult to retain specialised staff in cyber skills” because of the “high level of churn due to aggressive headhunting”.

Without the internal resources necessary to secure their networks, many organisations find themselves struggling to cope with the ever-widening threat landscape. Data loss, whether accidental or malicious, can have catastrophic effects for an organisation, ranging from financial penalties and reputational damage to business failure and potential criminal proceedings.

So, what can smaller businesses with budgetary limitations do to ensure the ongoing security of their systems?

Outsourcing to the experts

Recruiter Magazine recently reported that “among the jobs most in demand are penetration testers”.

Penetration testing evaluates an organisation’s current security posture and identifies vulnerabilities by using the same attack vectors that hackers use. The results of a penetration test allow an organisation to take specific remedial action to mitigate threats and address areas of weakness.

Regular testing should be a fundamental part of your monthly and quarterly security checking to ensure your controls are operating as effectively as possible.

Many organisations are understandably wary of entrusting the security of their networks, infrastructure and applications to external organisations. This is why it is essential to use penetration testers who are accredited and approved by a recognised certification body, such as CREST in the UK.